mendelson opensource AS2 1.1 b51 released

Profile picture for user service

Hi all,

a new version of the community version of the mendelson AS2 software has been released.

You could download your version at http://as2.mendelson-e-c.com

Enhancement:
*The key generator could generate EC keys now
*Support for RFC 5753 (Use of Elliptic Curve Cryptography (ECC) Algorithms in Cryptographic Message Syntax (CMS))
*Support for signature generation and validation using EC keys and certificates
*The certificate manager displays the trust chain of every certificate now
*The "Toggle refresh" button now disables the log output, too

Changes:
*The Algorithm Protection Attribute of signatures could be disabled per partner as there are several older AS2 programs out that could not deal with it

Fixes:
*On receipt of multiple payloads there were generated n tabs in the client but the content was always the one of the first payload
*The manual send process of data did not transfer the right original filename
*EC keys were not displayed in a proper way in the certificate manager
*The original filename is kept now on (manual) transaction resend
*The JKS export of private keys failed
*The p7b import of certificates did not work with more than 2 certificates in the chain
*The p7b export of the certificate manager did not export the whole trust chain
*The passwords had not been set for JKS key import - this resulted in a "cannot recover key" message

Updates (3rd party libs):
*Update to BC 1.54 (crypto API, see https://www.bouncycastle.org/)
*Update to HSQLDB 2.3.4 (Database)
*Update to javamail 1.5.6
*Update to Apache MINA 2.0.16

Hint:
The mendelson opensource AS2 will run fine with Java 64 bit VMs. If you have problems with the memory consumption please install a 64 bit java VM (not included), patch the VM with the "jurisdiction policy strength files" (Oracle download) and set the main memory of the JVM to 4 GB.

Please have a look at the included file "upgrade_howto.txt", it explains how to upgrade from an older version of mendelson opensource AS2.

---
Thank you all for your feedback and your help

Your mendelson dev team

Forum
AS2

Comments

Permalink

Hello,

after the update we are unable to resend a message manually. He is asking for a confirmation, that I'm sure to resend it and after pressing "Yes" he does nothing. I didn't even found a log entry.
We are using the free Version.

Did someone else has a similar problem and a workaround for it?
Regards,
Thomas

Profile picture for user service
Permalink

Thomas K,

thank you for the feedback! I can confirm this problem. It does not happen if you select more than a transaction to resend them all. To fix it for single selections please perform the following change in the class ManualSendRequest found in the package de.mendelson.comm.as2.client.manualsend:

Modify the method setUploadHash that it looks like this:


public void setUploadHash(String singleUploadHash) {
this.uploadHashs.add(singleUploadHash);
}

Regards

Permalink

Changes:
*The Algorithm Protection Attribute of signatures could be disabled per partner as there are several older AS2 programs out that could not deal with it

YES! :D

Profile picture for user service
Permalink

knotz,

you are right, we checked this. There was a problem in the build process that derives the community version from our current commercial version, an old version of the class de.mendelson.comm.as2.webclient2.AS2WebUI has been taken.

Please perform the following modifications to make it work:

old:

if (foundUser == null
|| foundUser.getPasswdCrypted() == null
|| !(foundUser.getPasswdCrypted().equals(User.cryptPassword(password.toCharArray())))
|| !foundUser.getPermission(1).equals("FULL")) {
mainWindow.showNotification("Login failed",
"Wrong credentials or no permission",
Window.Notification.TYPE_WARNING_MESSAGE);
} else {
[...]
}

new:


if (foundUser == null
|| foundUser.getPasswdCrypted() == null
|| !PBKDF2.validatePassword(password, foundUser.getPasswdCrypted())
|| !foundUser.getPermission(1).equals("FULL")) {
mainWindow.showNotification("Login failed",
"Wrong credentials or no permission",
Window.Notification.TYPE_WARNING_MESSAGE);
} else {
[..]
}

Regards

Permalink

That's a bummer. Unfortunately I don't have an IDE in place an I don't have time so set up one. Could you provide a download to an earlier version? I can't find any on your SourceForge page. I know that b39 still works.

Profile picture for user service
Permalink

knotz,

sorry we do not offer downloads for older version of the mendelson community versions.

Regards

Profile picture for user service
Permalink

knotz,

mainly we release the community version once a year. If you require the web user interface in the community edition please just modify the code as described. The commercial version does not have this problem.

Regards